Re: HTTP over 443/TCP

[Joel Esler <jesler () sourcefire com>]

Eoin,

I got your other email as well, but I thought I'd answer you onlist.

We are currently evaluating what impact that would have.  I'll let you know.

J

On Nov 16, 2011, at 5:54 PM, Eoin Miller wrote:

> Looking into the Snort.conf setup for the http_inspect preprocessor, it
> doesn't have 443 in it by default. Was just working on some signatures
> for botnet stuff using cleartext HTTP on 443/tcp and I was wondering why
> it wouldn't fire off when using http_inspect content modifiers.
>
> Is there any specific reason for not including 443/tcp in the default
> snort.conf http_inspect setup?
>
> -- Eoin


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!